The techniques used by XcodeGhost, the infected version of Apple’s Xcode compiler that has caused an eruption of malware on the Apple China app store, are similar to those developed annd demonstrated by America’s Central Intelligence Agency.
A report in The Intercept, a website run by Glenn Greenwald who is well-known for having been the first to report on the NSA spying disclosures made by the former US defence contractor Edward Snowden, claims the CIA detailed the techniques at its annual top-secret Jamboree conference in 2012.
Two Intercept reporters, Jeremy Scahill and Josh Begeley, described the CIA’s project to corrupt Xcode in a story published back in March this year.
The CIA’s development of their corrupted version of Xcode was part of a multi-year plan to break the security of Apple’s iPhone and iPads, according to this report.
It said the Jamboreee conference was an annual affair and had been held for more than a decade, beginning a year before the first iPhone came on the market.
The CIA targeted security keys used on the devices and investigated how to decrypt and break Apple’s encryption in its firmware, the report claimed.
At the 2012 conference, CIA researchers also said they had created a modified version of Xcode that could plant surveillance backdoors into any software that was created with its use.
According to the report, the researchers claimed that the modified version of Xcode would allow spies to steal passwords and intercept messages on devices that were infected. It could also send all data to a central listening post.
After the Snowden revelations of blanket NSA surveillance, there has been marked growth in the use of encryption technologies. US tech companies, that have been outed as colluding with the NSA, have been under pressure to provide encryption for their users.
This, in turn, has led to the authorities putting pressure on companies to permit government access to encrypted devices through backdoors. The CIA’s efforts to break Apple’s security should be seen in this light, as Apple’s chief executive Tim Cook has taken a strong stand on privacy as a core value, the report said.